From 520427f1479227646b42b779c806bc4e220af280 Mon Sep 17 00:00:00 2001 From: Cody Scott Date: Wed, 8 Mar 2017 16:50:35 -0500 Subject: [PATCH] Adding authentication steps diagram --- README.md | 10 +- authenticator.py | 16 +- nginx.conf | 14 +- notes/Auth.graphml | 999 +++++++++++++++++++++++++++++++++++++++------ notes/first.png | Bin 0 -> 11934 bytes notes/second.png | Bin 0 -> 12416 bytes notes/third.png | Bin 0 -> 11560 bytes service.py | 4 +- steps.md | 7 + 9 files changed, 913 insertions(+), 137 deletions(-) create mode 100644 notes/first.png create mode 100644 notes/second.png create mode 100644 notes/third.png create mode 100644 steps.md diff --git a/README.md b/README.md index d499618..da09f9c 100644 --- a/README.md +++ b/README.md @@ -17,12 +17,14 @@ If auth token is valid route to the internal service (ex. port 9000), passing th When you login to the auth service it will provide an auth token which will be used for subsequent requests. +[Diagram](https://github.com/Siecje/nginx-auth-proxy/blob/master/steps.md) + ## Adding a new service Add the nginx config to run the service locally on an available port. -Configure the new service to authenticate via ```REMOTE_USER```. -Add the required headers for the service to ```authenticator.py``` -Restart ```nginx```. +Configure the new service to authenticate via `REMOTE_USER`. +Add the required headers for the service to `authenticator.py` +Restart `nginx`. ## Running @@ -48,5 +50,5 @@ python authenticator.py & python service.py & ``` -When you visit ```http://localhost:8081``` you will need to login. +When you visit `http://localhost:8081` you will need to login. As long as you use the username 'admin' you will be able to access the service. diff --git a/authenticator.py b/authenticator.py index 348f468..e84c2c1 100644 --- a/authenticator.py +++ b/authenticator.py @@ -1,6 +1,6 @@ import base64 -from flask import Flask, abort, make_response, render_template, request +from flask import Flask, abort, make_response, redirect, render_template, request from flask_wtf import Form from wtforms import HiddenField, StringField, PasswordField from wtforms.validators import DataRequired @@ -35,10 +35,13 @@ def ValidUser(user, password): @app.route('/', methods=['GET']) def authenticate(): - token = request.headers.get('token') + token = request.cookies.get('token') + print(token) if token is None: abort(401) username, password = DecodeToken(token) + print(username) + print(password) if ValidUser(username, password) is not None: # Add headers to be authenticated with services resp = make_response() @@ -48,9 +51,9 @@ def authenticate(): abort(401) -@app.route('/login/', methods=["GET", "POST"]) +@app.route('/login', methods=['GET', 'POST']) def login(): - target = request.headers.get('X-Target', "") + target = request.headers.get('X-Original-URI', '') print 'Target: ' + target form = LoginForm(target = target) if form.validate_on_submit(): @@ -60,14 +63,15 @@ def login(): target = form.target.data auth_token = ValidUser(username, password) if auth_token: - resp = make_response() + resp = make_response(redirect(target)) resp.set_cookie('token', auth_token) print "before target" print target resp.headers['Location'] = target return resp + return render_template('login.html', form=form) -if __name__ == "__main__": +if __name__ == '__main__': app.run(port = AUTH_PORT) diff --git a/nginx.conf b/nginx.conf index cd15f1a..2f2f4ed 100644 --- a/nginx.conf +++ b/nginx.conf @@ -3,8 +3,6 @@ error_log /var/log/nginx/error.log debug; events { } http { - proxy_cache_path cache/ keys_zone=auth_cache:10m; - # The application listens on port 9000 as implemented # in service.py. upstream backend { @@ -31,8 +29,9 @@ http { } location /login { - proxy_pass http://authenticator/login; - proxy_set_header X-Target $request_uri; + #proxy_pass http://authenticator/login; + proxy_pass http://127.0.0.1:8000/login; + proxy_set_header X-Original-URI $request_uri; } location = /auth-proxy { @@ -40,15 +39,14 @@ http { # The authenticator listens on port 8000, as set # in authenticator.py. - proxy_pass http://authenticator/; + #proxy_pass http://authenticator/; + proxy_pass http://127.0.0.1:8000/; proxy_pass_request_body off; proxy_set_header Content-Length ""; # Login service returns a redirect to the original URI # and sets the cookie for the authenticator - proxy_set_header X-Target $request_uri; - proxy_cache auth_cache; - proxy_cache_valid 200 403 10m; + proxy_set_header X-Original-URI $request_uri; } } } diff --git a/notes/Auth.graphml b/notes/Auth.graphml index 81a2417..95ef258 100644 --- a/notes/Auth.graphml +++ b/notes/Auth.graphml @@ -1,6 +1,6 @@ - + @@ -15,13 +15,12 @@ - - + - Service + Authenticator @@ -33,13 +32,12 @@ - - + - Authenticator + User @@ -51,13 +49,12 @@ - - + - User + nginx @@ -69,13 +66,12 @@ - - + - User + Login @@ -87,13 +83,12 @@ - - + - nginx + Service @@ -105,13 +100,29 @@ - - + + + + First request to the service + + + + + + + + + + + + + + - Login + Authenticator @@ -122,14 +133,13 @@ - - + - + - Service + User @@ -140,116 +150,871 @@ - - - - - - - - - + + + + + + + nginx + + + + + + + + - - - - - - - - - - + + + + + + + + Login + + + + + + + + - - - - - - - - - Valid Auth - + + + + + + + + Service + - + - - - - + + + - - - - - - - - - Invalid Auth - + + + + + + + + Response is a login form + - + - - - - + + + - - - - - - - - - - - - + + + + + + + + Submitting the login form + + + + + + + + - - - - - - - - - - + + + + + + + + Response is a redirect to the service + + + + + + + + - - - - - - - - - - - POST to /login/ - + + + + + + + + Authenticator + - + - - - - + + + - - - - - - + + + + + + + + User + + + + + + + + + + + + + + + + + nginx + + + + + + + + + + + + + + + + + Login + + + + + + + + + + + + + + + + + Service + + + + + + + + + + + + + + + + + redirect to service + + + + + + + + + + + + + + + + + Request to the service + + + + + + + + + + + + + + + + + Response is from the service + + + + + + + + + + + + + + + + + Response from service + + + + + + + + + + + + + + + + + Response from service + + + + + + + + + + + + + + + + + Response from service + + + + + + + + + + + + + + + + + Authenticator + + + + + + + + + + + + + + + + + User + + + + + + + + + + + + + + + + + nginx + + + + + + + + + + + + + + + + + Login + + + + + + + + + + + + + + + + + Service + + + + + + + + + + + + + + + + + Response from service + + + + + + + + + + + + + + + + + + System diagram + + + + + + + + + + + + + + + + + + Steps to access the service + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Valid Auth + + + + + + + + + + + + + + + + + + Invalid Auth + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + POST to /login/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Valid Auth + + + + + + + + + + + + + + + + + + Invalid Auth + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + request to /login/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Valid Auth + + + + + + + + + + + + + + + + + + Invalid Auth + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + POST to /login/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Valid Auth + + + + + + + + + + + + + + + + + + Invalid Auth + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + POST to /login/ + + + + + + + + + + + + + + + + + + diff --git a/notes/first.png b/notes/first.png new file mode 100644 index 0000000000000000000000000000000000000000..c5ed3cce4c954c05e872ea66c4ba8dde05045920 GIT binary patch literal 11934 zcmeHtc~Dc?x^EoNZX9S^85EEs&LE}%6%a^TltxiO5nGfYN>mhqfRQm1jwlEbK|xTW zLZEY05YdDXNK}Lf2vJZ0L)c1yh>!%5kPwoc+zoc0?s|1@-FmmqyQkiJ{*g+pz1RNM zx4!kQZ~R@_<>NKSaFHPl2Ai{O>lQy4Y^pKzyZzk^=*b!(xf1%Dg7x$AfR(mb3_yeF zVVibtg2Bqkv$Tf{pz-(7TlZsOupduN{HAmtwMu}&);ez6vdKRoL@cnsh;JvrhnHWx z?J<2`kn`>5W}9C1JfAYtujr>O=hGJ0=w{8W{9#${0-NdE?s)t(WBm-%wLw+UnbwE) zR(kg(U;QomDKR%CKyl{#q}v{e7gG$~$4qS``Pi_ds#gM>RHx*KUXi5k6eIkop4a6X zCXonmE%9N$wCJUpD+64D;&-5PWHkq5F6X(Pw1a)#aI@_p$&!uA6nrF_94u2A zCYX2|*g7#D_VMFLKtu~Bq`9*CWr)CeaP8VQgcAc3GV(J0GM1qK6eAM!|DA({^W$RP zAQ8yoe32Q;-M+tuOo+mf(X>pkug}}ocWYn1Z!phOnA*q!mdaPO`uw`Vp zim}!DW+na=O(S&uj5sSt2THQX-!#NJ$Fd`nXw>mk*U;rE0!lMtJlpUu~${I6uRSA0~x0qc(v!B6Z zT_eqD7-^4j(?tVk$3{F@*@nMHMU=a~WTe{#)&6+(ReH|lNMBVSb%hnSl0?*$M(#mJ zF-+W*FU?ehh;bZos21(M0UYfmBO|O_t{46o{VuXazHiY5?)o?jm21ecYY_K4?S9;L z*uK+ymfwLbohC`aJgoZJt&Pg0mUE8E$ag4e{Dv8>UPG59b11{Oz zszO_CWeL3Ln29D^cE{s!65PoMP34=iu<*;}=*}-qFR~;JcY=aggrGeb(u)k!4^;n$ zC+E-F0S7ib0$!v{)6`Kpn20W#hz}OKS)5quev}i*+GXjEKwkJnXWCN+I!fqaT&I!B zUL`sONc$vaN*kWOXm>=^TZ%ru4_i{7A^)l0aWQz-XfRmnE*n^~^?&}TGDW0CX{&XlQKI(5CwA=G)4UR{g_EznzzG^?t z>F!RCu~&2E^SCUqE5BJyz9t#A_3pu3sobIjQ?eR$g~ zE4n3!;mhsgNEB^IkSl_nFUm{OeX2apAHxO<)LlPk`)yhpH>+_p&tB$T*GIPqg4-P5 zRNak87<%6qm)T|K7bZ{>W2L4g5qrIb=@?gH&=50Dm~I8^Lewh~vYw-*8OOCJc3}1% z=JHMR%hBE>%6Q1^bb{S8X$+>9`J6Xr%PQk_p^V!W#HG!q`diPG2yU8am@PmTM4nBS$GGd=6I!eL#|2k4TuZ$Xc-A2)~QCIbQ7Q6m^oqoyMDxVm$nBAV$%7 z1}ER}EDk6vN`rbY*2_gm(jf$usfH+fMvAzlpDE9>hbT5 z!hO06vlp-<>Xk^HHr!K++D{50|`Xusns5 zk5SG4xP*4NTHT*7@UkL22GCx=zsyDij(oXSw%9mrbAel8YmKTKC&)n&JAuXdZl1ky z>B1X-Aro%t{Q82Fq}Q~2TKBmEY9IY|?(npHFv!tig5KK$`Gc49 zXt5ukj)Tx%#6Wk#NS!H*(VcWpBajjqz{&jIcfFi2=0Nzt5j;^uAt*a_-N*lsoWG6V z-E70mgg>SEbT-vv*<$L{gBQMj`_tyHJI}rIRkE*k*=*_AZ38>H%Gi1YI)2Ch*5}D| zH$v6+D_@s*EMfuTs^;QBg!(XvyN=qkj@dz^z^ADigc*KQ9*YXeRg&|jafz~`L87_| zyui;+ZQDW%@X9v4y%WQ}vEphzUVI{0CA5kch$zzdj@>psS+3jb$Z@mYFEQow)x;Ey zQw~>!Ax2m1+(e@&2&H#ge!FpC=G=8X6}&3RJygwV z`m8lL5)K#QcjzU4p9flEP6lKFA_zgiUajIeE2l zNmKtI%ai7-?7WC@w0ir>%1H|=@r(ITgx&QQ4pS9nnQXaFJ7MgTF5~zg3b)EQTX^%~ z^Z`!s4TSH!qDh6=m4SV3xO!3-CSH1c)vP|}mG{4%?k1O(?`^+L&F){6h*y7lNsu}F zo%MTTEt>9ZEZ?~&JJrNxCZ1-Wo&oSCwY%O zu+EcqEE7BRW~#b)wYO*5&G{ewUpejEZF8XaCaffseLVFW$^QXa?!VL|=@|;u_$Ivg zL;C)w+C5OWzYB`2lFN6-?+v}L$%p~FqWL6Hj*QojDEXQ|Tqj=M*H$9n1P2Xa%72+S zzO2+QIjQ%W6XV(2nvyR0#UPz{bA$-|09At2eI{4wLAd@A3ylP{U!=NHO&OpkP(%A5 zU9r>M95QKZjyt^_i3)3@Nto5w6i1lael1*ms4iRJH(gl;c%r&dNSsQG~Xd; zxP&fJ8Cf}=g5qf-u6_LdvoWoFT8%6+7FJbP4>T!+$n z>Q(xY6jA~K(1SdEm$YHgYGb4fUrMyCDw{5JGl zs~qJ{1_mHS48@#9yM{E7n=NV;&a~NwQC_GEbIDEItt1}1td_Cy0^`sNy+*2+=y+1F zJE~w|FQ6YIt8nGNzT0O??U@HHwJ@+Uepb&Xr=j3_la|AkS6U+T7hzektcylcmV5W> zF8Ojf8A;SE0pg=>ex@_Q3%ogPx=~+UZ`IabHA=7W)wl=T`*Lr4-l@dHCM2H=X()#{ z;8|B_A|-NuD`uE49gti*&06fJ!Z&mYQ!vP0O-uTG!3G9}fw;K6Z%NI&Ow&}odM4>1 z(3rOu6`Y;wb!u^j5oaMlvOh{?}F6BX~DcIEQXFC|ipifoRgn==@` zoJjlVL2-((yqMcr1KR6GMd;aNJC^u?kz{}Y=iq}^`60#zIo+5;&CtOYNCM-`;16lMr4nDgP37e@BQ?x^BxolQQwik z;xj1b{g#M_H?AVknYviN_rA1ayX6qG32Qe!V_5kutZKhE*MO3LwAZRb+l~a=z?%EF zAd5i_Jx%So)7p+tFy6fBV>2MiNw^C7qHbIPZcY3g#MeuZyhf-Ll>YIlZszjCL@ zp5yzah!bM-n`3zK`_ppR%8e^q+)Il5-!^Sd^Ed_!MP}=a(;|?oCqe^=#!Z~hHrj7F zOouDobmwYn%oBa}i?{6f^fpdGg96upfW>#_-k^D~mxv*3-TBdSRUXVBAq+si>^dnZRiKu_PtAwN1ijYzUK|8_)2~WKVgMq=S_kjYX(`A9U7N6BvAJ1-! zm9kl^W}68r2|ny6w|2F<=qr$#3LVb~F?L&1@5Fwi2U!3pA;J$nA7J3BZiMm2xB+U;xV%90ZXZev%$Txh*olPQvrL8`eny=6J{)&_ z(9dS^okmeFhCaXXp}$s9f)rp3euZC4S;y;DD;X;D{S{UBny&kee76^|(uz2Ch}3PA zIFY3ATDRZ*+12mTR&4VUV)-$TQDYRuqEECBWQ2BXD+_|9yWkHxE+^FYq`{Tu0glj# ztaM(fp1GloGiB&VV+$7qQT&$v#fks}{Y>)bz#_UD$g)RpMlA#G{eo z63yD#P-f|Q<&vkjCoRC_+vxulNgPR}_B>)avpRJ0wQoRgX91R}^n}vcGdtG!+4Pa( zPQV|k$FMwO=ZvN_-5{s3{aHqOpymYo(+AT_CGS53g}vSJU>YSfG}CXjz9JBJIz5A= zBIcN~%Jf4a4?Ji;?Dr0T&^(#r53gQfvih0~$x=^cX*5T%-AG?=4iN>#iEqxUtNB4< z40Juxbf02s_(I@vmV19s=)=g*!yTW@8agUd2$+n4p(Khx8HfrqI6hP^UuDf`L&1&T zE?mE7@M%eIK#_l=eyD$zENUJCx$eCGiWaBfs%s(3E7_z$8@rc#Y-5y_5ZyI8buO6D zNe^rdw9<&SlU<2lgfV1{5o7rPd!(#l-Jgn0CDL*OZjw#9??qt?INs%uBdOh4Uq2hs zezDLx)A;f&W_f*m4S+?SJAqnOAd~ZbCevAbDs)AtTArk9>P^7MGnDhN#1s7NqBd9HDb z|18;rTaGQ5pO)SD?fU;Grf<2nLem)*tooFqF?WNPf{&mg4H9Y{wGsSfks))%`g?@(#5m(f?7z z+H)W;AZSOd<9LOpFDDqPs|Bk>r0!UF^%dgBD#?Un=}inD_&{mwJHevxE5sBuzr8wS5-1|`BShD< zx^iy1yKfaHVTW2-3)V(r(Jkp&5*|5n%))Lt0bKw4?NsobWOIVhtp*NpyNiHdTNtK3 z4!kK}UvS_A_Uo1O z-afx+I5e*c$$?@@wx-k__&}@y`4$7di3;_hacr*}{c7QPgsoXhm*{{M3sXtTJ0ahZ zz8)WRiod(Hy+S|)MCRQEgpB&D?3DjyPsMAmXoCEWI^)GmT_-5Uuq5eD^{5948nFQ3 z77y{uxJtwUL~sCiC2WkoMFG*5mV!o5-CW|>|F+%1sXtglzo|>2-JYz#A*dvFCg$TJ z$Jo=aYP31sI_D1?%+Qjl5#lq|qZJyp=xbHaiNmyAkTTZ3&FcL1Qt;4)_Qb|v@wroC z6#SJ2(3X^rmTP4E<3n0?tC&_Uc9B=bWeYSY$0(t2>dNcyHou|JigZ3?C(fTQ58KQyBEx1TH?)esae zziI8xJ$nM=oCE2fM=1sJ;asiU97{Gw@H*HNT9IO%dDXDCD;F!AO)2XulJ1=IyE_2o z>G)|!mL0#^u+q}S`*WBR7`Q}QEu5B5PKHeCVygAa7boLoCZs`zIkV*-R_IAT1IjOa z-0kxrlb@Y>BnC2_h5plTd>eg}#5XPY7vBe}X#Q&B>*yivrI)9|1A=L=k0TFfJoco) zZZA6Vb0E}T{d@Vh;WuggdzB&CYw&9Z~nwhxx}P#=O5}^r7}$f3+(Md!ECair`>2 zURY-ZfHz&JXEacUFMNC1uQxGO`3GVqp%|-MJ!()226MkkZh#Lzjm$oucB4)=+(EOK zX=MM%S9aQXY9g`j%OguHy$zmzU$oD#)D%$s`r@rO-v4Kr0jY9KTJKgpwUr~Y?;zUY z*oDH+bGWxiEdoNPEu3N4Wk&WXAthBq7EwyBGkB9BHRp>itiNps@!fD4{*>kM5NG@eU(uj!P*Dzi zRFxqv6L(?9PQR}CB>J0-ftn#Kn)-;pA=W~OYTJ~wMhsyveyg86isbP7Qz9V&ej83G z=Kr2FtcfZX5R0i9{Z&e=d|XI{{rlXgXwrQxj#q+faQj`M)omt<=?%WbN1T)=dmvS?CLDAm z(0k-OBmmTYSZxgR&un~gw4xKZYv670(C~QayvzisGMT*h^B>jp|CvVof6>Q3!|jvZ zMKZ#|Oa*)6UH;tmb#bwl6`k`SSHd!hnU%w(Zo(rm$PmS%cN! z3KF|>E$77Hk-m}LlV#z>HJ?0O>BGgE6(J3kMAt((X}Z%a`?YK5s(9(~8m3de9HiGK z;0k%yUReN7@RV#tb*;#?D@Tg`i5RhO4|n4!DcTAFB&r(Uj4V4&QRE8PTyByXcE}#h zY&KD)sxtK*r zvDL|QqwP>@9Aj&{X)CnQ2iDrLA zi$J9ZA-4KEOK=50Kd{I_19WkTSOgoq&v&TctrwM!h@t>h`TXZx1l`W~5~y}b@>~t5 z*l1bx*S~>F61Gz~+)ChJ;`GhvHi{Gc86XvtY3LhCrGf+@*J+)TuBE~< z@FecOIX_Z`P+l4t|GnH&BP7Vn4z1GF^g!q`2o3@rv9jkKyx2?nL`vN317u|jM`MPj zU1Zr)M$hJDF;*gnoUwQ>i5W+AnHx8#dd7^mndu~U@m$t_ad>(`P!+)PhrrzBlNitYMGG0nDSSsMCpEc9>(HCa4 zNh?UNh7)BmC6cm{)NS{+0lY|a~FhyA@N8V69w)8GonD5p%rE~3PP!)%oA=@`+uFHb6 z)yotMvy&Ajjl3ZMi_YYiD)+$IN-_Z|)pgSGdL{!|T;RJHGWQT} zX!ojt$TYFafq*n>FqJ93)PB-cui8=b_t#Pme7PE|1>3|Lw+Rk3f8}7JoAl3QKZ)o1 z*PxF68z=w&-|9sReXw0Ww}YhTQx+VJlUXii_@% literal 0 HcmV?d00001 diff --git a/notes/second.png b/notes/second.png new file mode 100644 index 0000000000000000000000000000000000000000..02d39b346b2beac06ac0f7aba862dc4271e79fe4 GIT binary patch literal 12416 zcmeHudsLF?+BfA?drt>*YNC@mS(7?7U`?Z`C>=CwDxESl4@jnFs#-)_xj%VUF-eU{DH3f;aS)7 z+}C{_e%E#V$oSsdYvHFWKLvq63-|2yI0ypGHU~asf13+jxvd*_0{+cPJm|FpRNb?B z3|M>;wSE6~5a?m{e0|s)VEy;_-GPZ9&}XNoKC^hotj~Zz4xjJw*na3tsAOo_1x^?q0b($A5Y$y*vqlK!n^i zLHd>xWmc=p#Fe6V?`$GF_#4iiurnvi=RlAlw?q6Z3%c(#KW}s(v3;xSqF05-k|l>Y zE25Fv2%?$jtmOmdu)7$x&kC&h8ADj1`h zfD=em3EMx;sX~``Fra$2z5RCmQ2R;R;w4kf!Ud_ zl4L$^6;w1*=T<|lFzobd4!BP+S`kPTs!rB6S5X||xHPVRN^?5t*7a;zFlwUuJHr5; zQoW0xq-7Nau!ArU$9q)Cip0ijb}8;B+UP5(Sj0;|T2!AU`H?)oW?$#d{Ly@I9Mld6 zu8HAG!mU%@V*@`<pySBH*q6#A!dh*}Sw$)Aqlo(R z0t#+C+}sVC>F!=zy^CGDMl7w9Ilqh?xY|bYWOM4X-Y3rLNtb`W7kpMu5bC8nama}R zZ4v4&rg={BLdu7axT5Riy7$9u>p3wJeoy1dbW(0CzXxUFH}g`d(OfEX%sn(+Ro`4} z(ACFc0!?kp1TKqWqxea)ZtTGxk8x*6Q+3UnOlPpy6VP<^FB{g%?yl18M{Q#+Gv2oUJ~cW*~=4au8_29T*67-p(A<^2PtdCG`** zjZV03q%Pf?;@0AP&`Q;L-gu|6p*ym^abROmo-TF!2DN0VF8O$oPhGdY%CvN}wxp%* zXV|#kf)`VUe#-CbTKG^fV5y5@hfk9CZ^WHqlOK-M059hNLJsyx%1Pr8FWLwQn zK=%#NQ8+3mlmKyJ+*Zb(j@!Vg!;@KJ-e5LQSzpiQs&7^eshbEmU0+br^(?=(gv0!_ z%gQ)H8HI?$m!Yui#_tf!ZnZ??9_J=(aYdY`3k4+l0fX{bM^GpamS*UuBBF_PGNYMp z{>F>)nt)B)TzS|A?=RmZ9p?jXz!3;ObZ5sxtN<%M*2x>$&TC8_QKF%ow9uGfu@Wsq z25a<2rBZ~z_>ZU5qUcFk+hsIMIxm(=#00Y^>{JhxZbSa=Iv*jDxk|ZfQtVEdPMv|#|tH`nZ+Nx+*T^xBKHqO|HGGP{)ioqOSV?X~;C4-Bx zcPYU{_Zw$3N`a@iZ6T+1Rwx(t?XY@f6&SDfE_cd-Ig*PZKbQS#U!= zqzZ$QmAAzq;tPbMa2;RXBNm5}P)IGQJ`|}o)}yPaQ82@--L#@CT9x!z>l+ZtEdbe+ix%}j=~g3+SSqFAJnPLi9rqGLbV}=g&i@@ z&MbxPtByWv){<&xp6hD`y6N)*RrLrazPDL(j~dZ?WR4 zy}fx$gu6+v5NU)ZL@T%CL*NV_xZ!kNM1b1@yuD41oq5Y0!&A8asl?|yb1T^WP^{p( z=)Af6{bCrl7W?eB{EN@B<)Dp&Y$P6mQxx!VK~m)qk+ipU+d1B0)jvv1}*@lzF~jgJ&ViA+DZ zaU#2t>8`7yalidTM63urtE;We8XrQZzF2y(5FC1@G+9`LsUXs{Cl&X*SC1{fW>Z`6 zfJpsSW_AD)S6^&lZtY$biZ>`lW!dh7n#hiQ*u@!MSkN-DLCq)93=$OEv`>)21ST7trc z*a?PT|5<~N*N8J&kqPyUw3CS4DE~fzpyH%ePX4#q^as#8-JUhLhpCN9-U(veUbVak z*AzYHYbvwZJJOCX8`gYYn@XOAjzx^4D*7T7J=;&iRe%)Da`eJI76bcn zw0-Z_1s7;N<9D;?5M(y_66zPKX;IHL9Oc^S9BCtDC~(%cBD!3koocn#DiMEx!Y6{Hf?x^y>(gj8hab+17`l;iz1?Z z>3=(d&6}5VCU4$Zj~OG|{paNkz#J<@xjv3gD&OgyoE2z4_Esc+__-o9`9X#IRWL7hba&g;yo4oRnZpB-g||cQawKhzYGO56hBSPLyS4e$ z;7B;^Zf*?Va@((EQ`$e1b7lTO5b-ltuq}5Ue7^q|SRR>(4CVLWdCM{mt%lIi2e>g- zxh09WI(I5oJIChD%NoAmy3DX!3me6%;KHULJyvFxCj&F+3#ruT$F1j6Zo!qNl4?eH8%wW}y4qs7)-;O*r zXlK5r4zZ?C)2*QJAX zFU?|ImUH4&lkEYzwr})#nsO$}tP-3X-a5MR%5+?4Nm!k@Y}bq%Z_RR^Uk1DMtPB>v zx~=fSuSS^_-t%N8c1*oN*v!cT8me=c@gZOvfy-y&!vEi5N1SccP&_}OWGH*z9_-;y z+g9KFA#mp%*v1Rti}pRPT64ha#*xzx3}{7VQROMNOQ&vdtg$9L{xLn!FF(IhbnFUxA)-w}3JdbF zf>#^Ga8qJp^xC4RSj{GrnoQ>oy$b;jHvyWBO~~o;EX7$=W$x73G(zTJ=DfQXgt&3R zh9BTAd~soN3_9sl$q?1Xx%<$oOQocRy}DLwQ-abOu6;S`|LXR)C21eFE8(X1*%c;3 zCNf6)c1rN3ba@S$TDg2(@SN}~N3Z5%n!kBTGre$>(;Q{D^EjNkVtv;3Iv}Mgn^Z0= zB=O+(YY z6BP2O^k@wZZ+t+d+>dLHPN+n=#Zt2=w8jR*2^#OYRQM%^L9nl2*JJ zW0eGbAB|JnD(7q^M2UCMg%jk?w$+WzvAXc{s&F;IwlRi3+!_0{ZbCty%;eO*=pmXu zm^)>^87dsPTn2-gspU8G!OuzUZOafUWDM0Zxu?`HzQIk$T7n?S65MOwq)o!#693gEP8OerN;gx;I?1j6qhcBmKyD-o}*W1}Pjsuj7!uiLe zHBzY4TvE(#NVma6`J_w zg-+9P+9H)Np%9o^s=*qISmX}z=5&A!F$xH7&#=ii^kGx1-olvJKx>)@r{`~WSfLC;yIm}WN?E@T0Fze=7jrTp+##Z|*4Hy|iJ8nt2iOx>soQ7f2@cO2wk)!Yj0V{=ERvtMd?YFYs9!{d1c!5oFb>4c+RfHX!b z$I46MX2NkoMR@UCFXfxZjq6f1f@D{?F3=ArbQKff+T)6CM>2RoX_|bG{_)jbbYMGD zh*_DYAGR)k`QhhegOcr(JyJN8D=NZ`iV`BbNTFAV;fc4}@o74a2G`wfcJ9kg&$lnj zyvFkA_Zd5kb(A8-+jQ$Vs}5)9j?cZYXXbiiyAt=bi=m1h*MfPVy((5P>aK5^+H`#K z$$aQ*I{2|>Pr%s;0sYXv@w_&DIlOtpg8g#pVkEv93#y4I!5gv44{x8I7NPRf^*M8e zW9tG|3*N5SD%ixNi?7c0YW`_Gs_9|i-wMx9*P4?3#VJx}Q|G%YMKh7N+Y&(F$B8t6ZMKN#nkaE zZPN?#*&Izieqd-;VJ?P;EiaZqg@G-BzE(GmUJfrdp_i*z^Vdy8HT&( zPC4V!g9D0`^dDx~gaZg0ETjP?-p4L>8HgrC1+N$;hDzi`LUb^zRAS|>{H&s&4 zG4ptSS?&P+>v8`B%G^ws$IlE3b}hh;_uf3|3aA~x+EYhzeZr^O7rC3ElyP|Ha1>ev z($x2Jkt9g?0I9H?I{slM*#JcSO~@Ysn~2osieH0Ytr7E0{o+ccn7;hA6;RDkBJ>&( ze-FuVG;_)xuHa8y2ftEEfPMzh*~bxR05B{9zh#_6_og;e8l0F9&_ujWHHr-gXssoU zVg-siTI?ehq8!_mtm%n{ookX-%gQc|-*ZQq{5MW-W=oI&Fth;Yd z`3ZtGwkD1)w;**w(kLPo_cj};90{5w<|N1LHMSqEBj^hy-BQjj%0`A7O@IE-`FA_K zexh?HQ$olb2gV;UJoIiydUkw1Efb?tmB#W1zFI)AdFU9iDlnDm!vL(DIjM-H1I2I` zI1DiT6{ZoF(`$f6{e`eZ3nusj0Rs;5JSuk9vB;>vy@s4U)SDw8W1$@KPa7M!7E`vr z0#B1*{&5@WkY8FQzjYvk(z>{mL;=qEH0-60IxT8HQH}iRN;OUa*xnzzKw={?Q zTFChEj}sK-W|j~C<*iq)ufao0fL^BNa#Sk?9#{Qpq6t7rH!K9D@!n=5OKr*L67t*m zjHxzc5W&BXgQ7Q6(xW`FyEPqJnZ!?9mx%Rg?9n|KW%S0ib-6&oLosWowfxL^;bPnF z6Lm6~fNm7i{fW)0ARzyppYF6ywOqSDE54rSqSl=<$N@>7+PY{g(mUaRtTTj#U9>{c zxGG`VSb9#JUF~v0E>FIimrbSJhZIDfXn(}^O>5S^<+@xnZuv$%!X8rf1t9xm4yi&{ zKE-Xlvy7&bj#|L>D%F+4x-;G&L#+8LNd7jyDA<2=COb z6>pS9OHs1mlmW_@bfZ1cs|u%GN=8`DJDJg8yMvE3>X)=fy6lm&oiq_A4C`vOEN%z8 zse8bEY!K-rzCYh9nb&=6!1)(Vil!22s7N0E$*CgU+?u7X&&~Xik7=+L$pYHc6EWAA zf^KXv(*$69>>7!SjKk3Nm=66g}3`|>>1LbzpH zqxUmfq=fS_QfGx()Pc_r#VPx=KDWFYY1zVSg!##pySHQ%s}T$aM-S8?G$v~g!E{x&N8ciHtuS1v2Ys>c(`=+H4|jIW9{`hUq9+3 z=0wV6Zt?IDnHO6|f$UyDUszu((MTN1_(#sGaRLL@;s?)tJv@+{ia+-1E#b@FX`-v(mSLDRK}P}ay) zM;dlH>VYv0oodZoBXBPEP5b03Q^%SAVboSbOKcX?RFWpCN+p-j(Df+mL2n9E(zZoM zLmd;07vK;aIQw_!2F&his?7+S$@uPwScwZK?@;Qg;YXcLDTxm2mXMIxbJ^c2^Z_YQ-Y+&vnG9ckFbZ%lA9qcJ;&bL@09q8UQN%6)TK6}hPXN5JS=rIr`xlP* z3nl#pIsaP$b-Vbp6&t#MSm)!R{pM~8(hAf7pQ;*XopqQh6hU8frP>0+$-jNW?*LdS zPyYJqFKztWwsCe3A|L=9Fh)=JuvS017~3{&QWqPh%K}cS1+B{8si2^F5G=-lr7fNY zZACFT;N=E9Ap~{A_3Nq51<2urvdE8RL@y_U)8Pg>P!=Hr6} zE&qzHi>FjbMNa`#zmbn_2MfAe-2_rCk9HV?XfN0ikA8E92O~#Y;>f{bVxn5_2Z0yp z)aab1)xcP8?MR6h1+CQ#pT`9Z5o!;FcF7>P7ap+GQPAd zcKW5_ukbR}&qvi3(pMoh9I%W=tdpxqM)|4ZZaYz^X^%Nu7UN#gAl2@1L!RYWhd+Y0 z=Kwb)?KSKzkQ}|%8zXy>e38dHM$5G~2el10QEL>{J8`pU8_YS@+aE!DIAGCxpleGn z#Hxqhsi7iV3{m)fpxy7nmB{04ut`asonPrEPLK#sBO07!>pmKvM6jVz>m^e|v4~d> zi$k`s7zzVI_oAL#uZMmAmplJw!Oh#J81`VQE!9n^KSjgqC))a=fUzp2l>#X4z4G}g z)FCKce@a=v*WaUYyVSs zuLAUp=3=U=Pr~zpf^f^kQ`Vkz@Wc(rq2}hLehz63Y)?(PB4wxF;cY9`s21wR{4G*9w5pF`ylL#KLU)DkkkSWPY~XSppEj zq6er1_Z+k=rK?nkArN<-;WHvB4ly(*SJ|R^YYw^RjWOZs^l-c8u)s4?ZR2ZtJ#=zu zcd%3$9<1iOIhn9(mZm2AYpv=oYKFbWp`rQCar|1Tl5jWjyt+9YhdyzJkW8?*Ad{>) zX$xZ?4nJEnJ??&bR1*4&D07tM1F+PR6%&jB+M*b z{+BG%Cr(|@igYjD@6YCDr`#Ti4Z#dSdm}_*DbRIOW`b^%7q10oD;Fb`gwtWB4k-@u zk#Tw2Z->{(v$pAqGDZ;@seDm7MvY&4H^j$qlQqm?aKz(O(^A>l!f5$K;j2GO65R6x zL1@?GzzibN8~ky!DC6`d`VeeAas=9&$jOf8SF;PG(Q#zPPEG%M9Oo-*+oyFm3j?0*ZS%~s0O9ZpNIAHa>!%y>aTf$qW^_P$M8SP}n9GYSW z9V?CApK<)_Xm}bQ$dR0r@LgG%(_3EqC4T7Yw6;3uC#89n2D0*gpke+lY9n=e<;o{C zNo-Xk=}VuIR9N{I2@CYYZ&bBTvu!iu9?-fOUdCU`DJIMRfHtnBmtK1I&6ocT1jv7n jQU4or^5+U8+}H8y>8b^olfbVAKzlsBJ*syc`QbkRCKRf1 literal 0 HcmV?d00001 diff --git a/notes/third.png b/notes/third.png new file mode 100644 index 0000000000000000000000000000000000000000..f0416869701c6d67f9d33f437b05fec6c1530cc9 GIT binary patch literal 11560 zcmeHtc~nzbm+uXVP=JD^0v1CY$^jJ+p+v?|PKb!8l%j$JML|RegAgEOC>4i7Nhy{n zQyiEqgop?M0trY-WJ;7NLI?pPiGWGKKtkqsLF;>~-?!H5dc9t+ue(?M!3y`>bI(5K z?BAaE^#l7o7wUbd2LQlAuRS{t0e}|xuU4_{0`Ldo=$SP86L-jSJ5WY99|a%ghyCdD zBLI}+^_3^J!RK$H_Z*7@fNw9%{y_#qp@{&nsorbnk3S^_2?k)-F7VN|6FvuC2Hab* zeT81JZgc9f!2APGUK%aiaHu%ZOAqxZSR@m$05dfMqO3{i^v#5CES&&cUx z^OGp{6}`LW0h`jnqv+=YK!cVQ06g;m&$#K=|NBtbcx_E>^>K|YV9vR}6!+rY2?rBW z&G{pa?81uYh=cB@-&#TgydlLS&Ja`Q$6A|@?kpo_rL`T7!&n4!P9a~P+UDN-Qm>)O ziJ`SQ$wew`2xj#hZcNf+Wbb_~s7m9FC08R_CtSUv6cg%6yZR>~U1g-Onc-_t9L(4BVKXi?QdhEsfdHy09p?r`0_X!H+9Uql`07&*&2 zL%KciLccfBu9ZV4AX5VS9od8RSXOt;<8fBdE1kl!Y2mvk{9Hxe`8K!Anz$R5sK^=D z+hqQ8w0aV=V}xnYu)~Exg}gidy(g=GN}rw>LuLqS#AT#1lafg^nQumBaPe&ZyQ%4k zS{k#)S`&DMW=O(AQIQdil<*^&s*N*~@grqi47gI0a~l$<3bIPCiZnyaEwd;;)z> zR`e!aA^ybdXT0>LlQGIhl|Ue=MyI_KN^-|p&Z0Ln?_{hvPDbQ7cP*i9z^NI}4mVNL zI=B?w7YW1&;cDFThy_CrbHgDYjoV5|Im|RqY42oja<3&TGQf7di#~J0a44aQk%LSe z2o4}$tCafK29a4h%uJ_368h5&Y750p>bAVaHB;%7fVDJZs{;sZ-xFb2`lORErUP&- zwzmRkw*#sH+)7XijMpE90Kne$e-UPX4UGTptenT=CA|0VPvw^IYRTh$)lp@6vLAp6 zqr8KVJ^J3qhvb1iAK)VPfdO@ zuE^2{0BO9Xc5v)NFX@@VmEdKkWRyr6I-JVN?M4{7}zR`G;O!=w7@s;A8}Uif0$ zLp5YUlb9#u#MJ|hxdIn}Ii9LaD6cv8Lnetu%RtY9c%Lwn{dCYK@lwx*TtqTU5_1M$ z>BO0uUU(DFAc*MQc9+J-2gYTm37j{=N}s%l=<|Kj6@6~VVN9~S#05X5X5 zO(AI|nyjFRXUuS{V>OQbgQ2L4P!7pyEmF}I6~JkAKZ4bCO9p2KYQzgW;Ed)0cSSnE z8NMZ6Gf+M{J}f4n_K(*i^P~flOPJ3qgYlaEr&3P%F=MFX+Si1e1|jc~&-AwXyk8xD zaL6d(|mJXtmSM` z3*BY+8s_vGaF4|mDl?p988`0GaulLifR^ zWXOA$46QfTrviv$TZuDrQUr;KAAsIL%V1jVgLx@WPxIta0(XW|mW(RnAE~9n7z648 zegL9RHYjkZ`ha?KKV`6n8^?Snpo;rc-SHB>>NZo~Xuy60V7QWW763wKb?ku$ppv}< zT9V+Omjb}i6|?fO2Lj-<|H}<+(>F0OSrv;n-wOdO>Asjw2N8wk08e?#zQx>smTG+K z_IjWpNio$`m^7SPDC=it@k&Wqyq1ipCL3*!d{;dnT0MwyDHUeBCU-j!se=w8Dkrk; zF>vjUCj_9wlNGS~d2cdt?zZ*a4lq@Cmn*toSO~u5yXrSYDz?DwuJc+(~GsBJPK&13Lz%)sqRdBO=d;N9PQea4lmh|xsW2hgC@?i!_ zGBqL#4-+QrMG{4Xxg}E5O@^>fQ5}9?D255RcvuwW^KV24j*{n?P0%R$9bHAfWNY$L zT-S$lDm2BW+L!JEUV{WP^%z>2aky3Aw(d=eM!`X(HQv*T&RP%HJpzC*+xjtIeJot- zP##KH!<*#NIus!P1O-6O22e#_MZ!w%luQeTDJoUTxIp30sbv)&a6R8CojGuoaPpI` z$t#R%#gZp(aE+Xq4b{xh1Wdmrx#o^*w1ZO=^4~fHQ=-V_M{U)a@cOe+wV)x-9M^gS zU2T}1P-p&e!v2QE@S}GkQ&`Hj-;f+MNtK(scLRW^pFX0P?%uhM=Hmq_akNIf+~ks4 zJt=u2Zf#nF78%CREN@PaKKKcF1L~f$U9LOy$^>3_V)G$Ox8&|RNq>a9R^kFHD}dxh z{M^Mje?m7@8sG`p7MWhYz#Ma>e0AVbg$4JjVbKIH8&O3iT8;K#+y5#B-*^8g&q7ik_Yf;GKcZ1amMeX{B5)w}KrLUJXn zK$ZIi@Oljwt$>|hL}qs3vtNLuUkDi8oP%C)<5J+!!8zV`}f3u(e)I?vI9>9mTF9lTLYKe)jIG*ya@;| zuRBYO%xDXZ?}{8d0bf`Jckp-FINt5lEL~_{xea>qEd_LmGD~|U{`kkvQ?S6-{jadqMp4ER^0(1lPi<%g zE7*?ip`266Gmp>}wdZYElGvFV;kdATcnTvc!uBgOnL!aI^4{PwnG~z$^EjFre6~i_ z22YS4um_=Ycqy)w<(H=DKjO8m`F&oMZ~czVby!YFeuRKiZwec1PwLz##jtvMhN_31 zw!(?MX(`y7|`!d&xSaSpM>UHeWvWUUE2IVM->r4fG}JV-$fh@eMtCFWI6gE}tl( zm#dCO466Cdy@^V!R0sR)ejC}_p6PJf*~|mhQD>=Z`OJV5UD3??ld|GET{N>AmrEKVF)Br?aix(Y+CqjM zrK&L!Tx_?RMo{$$UJ^bNs2W8_7sGwL>f4{e3)`UY(Mc`koC&kopEeY%5JEpKb8S9; zyqJXdrH#;&!lc$SPqe|~G*-D`=U1aC9kZ+LSA(7$+eU3As#nI6QrCkDqhQyS5SRA> z6DU}}saOKz^GSG1wlR*QVo~Fz-==CEu+knfU&yg|cF&Khkq8i^xMVqEo)Lcb1(0}l zlsY5TU_{a^xS9(~kQ!Z|9mk#BD$03XGcp~YXU1N~zqP{(_|3W55K8w_xTqo)TV2=s zZ>O;N_e-W3BgyYENmU1df3h*4N3c=WL)xnE+1g{M!y?*dwF%W}{#Ed4JT=dmHdgXj zTuP-J{$Bg%mG+>lBN zB8BR@Zz)dO4?(3h7ebB_%oNzhq6g5OS z;hi%U;{i#0*KR#nz~V{FFgM;%mTZ3Kn-10fYEmt?#-$;X6%=fQrciMMd+sdJCol=AT>)`<6IVa_!G2##WLDc*?a` ziWzo1-k+QCvu-a+Hb0AHu3hWAxbGjI&ial2beprD^S{mw7)AR0AI24P-Op`NbYVN> zB#7ff04`&*&gBB&Coo{x|I*wDROFx}Z2Kn8+mu%&l1~5ch?#7oIBwei~b;*Wd|7ch@ODw+X2A!`wQRgw9qN9V9ASutxyu0JonY zi3qo$t{Ok}2VZr*%5mAnDG`$*spO?iNuWml-*LywDV9^nV+?H)oT|Z)R#ygS9Ppb| z7bk`+e+Rw~e<<>9*bI}k_}04N-VCOQqZ*;Skxa71wP4i}x93ydFE4rPf8LQaUP|g0 z8)ghHoB_c>2B&sH74FFwNE1@f!;jKgwN1U@HpVM4+VB|A8K%MaUcw#)DB@hvg@B)T zB?>CZsjxL@gNdnd(kM!~5rIrIbjBy_jY96AW_EF5@sH<37o3?9oaA=A~6*cdm zId+*Bb-io#RU3dR?;-Zn_Q-gS)IPTUrdCHvj6YDPtLq6V?%rX7`|z88P&kwyHmWh6 zzsXlFg5=k%RgoZbudVbvJVoL_0$t0o||uUi#m^kZymVEW0GFWLk5#nnAg`t%nQVp!7P(kqoX0 z?rM+$jZZ+;U5u!qoTKXazcO)+r(ea;k$*Dc2^DDXql%_`c&O-u0|3aq+75;!W=pA(1{NB*pnE zktW%VTdqo=2XWtUGJtSRxM{rUw2ndL(%ojnee{ z9QPrD1amxUGAe69aAwvoYzk(64xD3D@)BNqV;@fnK1( zUlYL&6C+!!8=6=OOBAd35p4ZDG5@|ZUu7vZn#E(f9n}I16X)5se!qg&YPaBZ6*_Hr zBH{QHdDk}Uh5+JcoioAX_iDr)k!Inri>Agm?hMlm3-GrFxG{#OL6Uq^F>5%?)Met) zKCRfN<{`NAERtz@6iHvh<;B3~9}g#xwVtVtsFkw4Fs*y?>R~WDja(gzC$z)6?3RB8 z^XGPb52;N9yF_!d<9&S%rLE^&^u89EBW*;Z8~vg|dIjob020q#w=A`zsx!hlZ>ri4 z=DE1f$0cad1u#5bRJT3@XTFhUx*{k2f1)(CpclM00h3hdR~4r|K^^_aMf~YMRNt=F z^T3&-e*JC=X|;TXZ=P%TZ1Up=j$%++i%LAQ6c>-FmetoE*SOTUWju+|7{xX2a7}j_ zZ`%dYHKHmFGixB9)e4a#qHc1x7*x?D*@q0@T5H#hdJV}oiD$$pRJj^?4rOClzS+0n zZk)|ZkX*a!b5W$=^yWdn{87y(Qt7&1hMk(>L`pm|T|xQ1*lpCw&W?Q;?3m6ga`PKPTT;#TN8mmxZp?1$q*9^y$Oy_K=!;V$g(3ZoQiG)ej z8ooJ)$$`~X4ObPcantPh0?^;lhnDzmJ=bYF)omM-ye7Ivy~`KQ$%oH0ZoJszFIsRw zb9Xp;$bc$jyuEv6I>wP*wI(0B0*anGSaH0x-(NmTIZ07Z6G^XdVMJAukJ8*E!{IJD zCa+o3ebFt*pr~0Djfzqta3K;`T$GSiTa{X5VXNb;GzifN>h4_o z^ApGq@tTQ*(W)BN-Cw83cLsUBn!OhH~&*7$1Pxcr>K)pzz!;BXs{^w zsB{TqGad>PV#JBPos5t%e)Y9{|5uMW9d{-J#A~>ibBY;Bw;C-(1-2x0scQIJ+(U(u zMAq%D^vrqx=I&ytZ{iS_3h+Qx)k3paah_T7ctUvQzi3h#2=Xcs(NTxR#=rqqza=E>iLbk1sh5NG8^QKhyKaUm>s<1Os zJ{W=u+(+4vy!x+HtBj@Y2F&V2p*?kEHh1<9rKnpJ^0zhq+dcX3?yu!N)Aso4 zrY1>bjenqHEuFgimH`0$nv>fmZ2;#QmwXhg=Opo_o`H3o&+VgN2n2k%-_-=xabDXO zT?LbjzlQBM^o9T{7&(@AwE&O2zd!u@a{eR8nRxKkEf@OLavln0+vYHbb8;-<#l|-7 z(;q!kQ9BwHy3k~x<`pUUB!zO^x7?)T@Z?zT4MxDkwjE!lyOj}bvfAG6#m=TUe>w8L zQyZzlj5;5JtVa#xX*D=#1HptTn}(6!Yf1pej!go$SSPLgaD1Pdl+xk%Ce5B#>8DnEG0`H?dee z{nrCE5;wY%o7Keyh3c0J2nF1?{?z`oj}xnZ9?;5BI4|c|p4Aw|9JM(Vi_aY3$Anrs z+RaJcow1-1QJoxN@|LWfq!1{Trvl}R8@i$9i}3Z<>r@>Q=OSpFM(~wXv`5VLrd^Lk$NaPQrV}PSbgnn&7ouO&U;IJPBe9M6MAWjGyaz7{}**< z2D;?4MPB4%`@AmfbV;FXhAUhECgy=^Fpc5Rv61M|;R%h5lE%r42wOW~${k(GS72JG zt0-GhoTUXc>%I3-Vj&MyEEZ*gi3n*5RL`v=bHd@kD@oXN5 zb-lk7`^fVy#tSHBx`@u(D$$)TT9?b!*Da69*FYWwjp8Bj#FMB=UoWVkQS+pKgf{R1 zGis>5lBV&tjW@ft9RdV1Gu9!o2KTn8sXB+;Koa3ZD&>AxmuB8j1*6vG`s|c`g$Ti$ znu-C2!SzY&sK28mJZ-E=1-i{#$v%w?)OTgW=PLLgiFuvaw6(4T$y0P^h-LXDWQ7xeD zErg25edA_kP*`#uy}k?~Nk(-sbE6no1c?}#c%nsE$#!c_jb@s$mekDihDydVbYls>>JYT3vV>nU0xRy25# z!tn&+m|IkdqpNYF<7O4Ac>?SQQ^T)MivCn*uKec7jq>5>H(F^_wFwnO&#!XVtJWKCIZ8BqE z@hucjXOwgO`u;_)lP4q78qN+=taVSwQ&Xyo@g|?9>|V~WFSc+O+(&J4+BAwvDsEx` z(euC19JV_4w5W=$cKdO|w~zfrYxp^{lk@=aR-$tPZ*oGR)`O#wvSAmk(S(GRqI5La zD%DsuOo;=Vtw8c=bImU1R->hgY3UX;OmV}6J=IF#Yz=%@6jV-9EYjOan52wKy166Z zY;QTna%{pLF#plzq0hbxtDc+vt9oYs0@ME!J9hqyQNOj;VX+nC;a~4V%PEv;j+?cg WBrjY20qkxDymsy1S++g+;{O6&Lwu?L literal 0 HcmV?d00001 diff --git a/service.py b/service.py index 6dbc035..dd46c42 100644 --- a/service.py +++ b/service.py @@ -8,8 +8,8 @@ @app.route('/', methods=["GET"]) def home(): remote_user = request.headers.get('REMOTE_USER') - print remote_user - return "This is the service" + print(remote_user) + return "Hello {}, this is the service.".format(remote_user) if __name__ == "__main__": diff --git a/steps.md b/steps.md new file mode 100644 index 0000000..302f364 --- /dev/null +++ b/steps.md @@ -0,0 +1,7 @@ +# Steps to reaching a service + +![Step 1](https://raw.githubusercontent.com/siecje/nginx-auth-proxy/master/notes/first.png) + +![Step 2](https://raw.githubusercontent.com/siecje/nginx-auth-proxy/master/notes/second.png) + +![Step 3](https://raw.githubusercontent.com/siecje/nginx-auth-proxy/master/notes/third.png)